hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tkuser): requireAdmin → requireAdminOrPermission 전환 — 권한 기반 접근 제어

Browse Source 
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환
- 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능
- GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지
- 기존 partnerRoutes.js 패턴과 동일한 방식 적용

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-25 14:29:28 +09:00
parent d663b9bfa6
commit a6724b2a20
9 changed files with 66 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
user-management/api/routes/vacationRoutes.js
View File

@@ -8,23 +8,25 @@
const express = require('express');
const router = express.Router();
const vc = require('../controllers/vacationController');
const { requireAuth, requireAdmin, requireMinLevel } = require('../middleware/auth');
const { requireAuth, requireAdminOrPermission, requireMinLevel } = require('../middleware/auth');
const vacPerm = requireAdminOrPermission('tkuser.vacations');
// Vacation Types (휴가 유형)
router.get('/types', requireAuth, vc.getVacationTypes);
router.post('/types', requireAdmin, vc.createVacationType);
router.put('/types/priorities', requireAdmin, vc.updatePriorities);
router.put('/types/:id', requireAdmin, vc.updateVacationType);
router.delete('/types/:id', requireAdmin, vc.deleteVacationType);
router.post('/types', vacPerm, vc.createVacationType);
router.put('/types/priorities', vacPerm, vc.updatePriorities);
router.put('/types/:id', vacPerm, vc.updateVacationType);
router.delete('/types/:id', vacPerm, vc.deleteVacationType);
// Vacation Balances (연차 배정)
router.get('/balances/year/:year', requireAdmin, vc.getBalancesByYear);
router.get('/balances/year/:year', vacPerm, vc.getBalancesByYear);
router.get('/balances/user/:userId/year/:year', requireAuth, vc.getBalancesByUserYear);
router.post('/balances', requireAdmin, vc.createBalance);
router.post('/balances/bulk-upsert', requireAdmin, vc.bulkUpsertBalances);
router.post('/balances/auto-calculate', requireAdmin, vc.autoCalculate);
router.put('/balances/:id', requireAdmin, vc.updateBalance);
router.delete('/balances/:id', requireAdmin, vc.deleteBalance);
router.post('/balances', vacPerm, vc.createBalance);
router.post('/balances/bulk-upsert', vacPerm, vc.bulkUpsertBalances);
router.post('/balances/auto-calculate', vacPerm, vc.autoCalculate);
router.put('/balances/:id', vacPerm, vc.updateBalance);
router.delete('/balances/:id', vacPerm, vc.deleteBalance);
// 장기근속 제외 설정
router.put('/long-service-exclusion', requireMinLevel('support_team'), vc.setLongServiceExclusion);